Payment card data is perhaps the most well-known data type stolen and sold, according to Intel Security Group’s McAfee Labs. In the company’s latest Hidden Data Economy report, it found the average estimated price for stolen credit and debit cards ranges between $21 to $40 in Australia.

This is compared to $5 to $30 in the US; $20 to $35 in the UK; $20 to $40 in Canada; and $25 to $45 in the European Union.

The researchers found a value hierarchy in how this stolen credit and debit cards is packaged, priced, and sold in the dark market.

A basic offering includes a software-generated, valid number that combines a primary account number (PAN), an expiration date, and a CVV2 number. Sellers refer to a valid number combination as a Random.

It claimed valid credit card number generators can be purchased or found for free online. Prices rise based on additional information that allows criminals to accomplish more things with the core data, including data such as the bank account ID number, and the victim’s date of birth.

This also includes information categorised as Fullzinfo, which comprises the victim’s billing address, PIN number, social security number, date of birth, the mother’s maiden name, and even the username and password used to access, manage, and alter the cardholder’s account online.

Intel Security Europe, Middle East, and Africa chief technology officer, Raj Samani, said like any unregulated, efficient economy, the cybercrime ecosystem has quickly evolved to deliver many tools and services to anyone aspiring to criminal behaviour.

“This cybercrime-as-a-service marketplace has been a primary driver for the explosion in the size, frequency, and severity of cyber-attacks. The same can be said for the proliferation of business models established to sell stolen data and make cybercrime pay,” he said.

Samani mentioned a criminal in possession of the digital equivalent of the physical card can make purchases or withdrawals until the victim contacts the card issuer and challenge the charges.

“Provide that criminal with extensive personal information used to verify the identity of a card holder, or even allow him to access the account and change the information, and the potential for extensive financial harm – to the individual and card issuer – goes up dramatically,” he added.

Other findings from the study include:

• Cybercriminals can purchase banking login credentials and services allowing them to stealthily transfer stolen funds across international borders. McAfee Labs found login credentials for a $2200 balance account selling for $190. This increased to $500 for a $6000 account balance and to $1200 for a $20,000 account balance.

• Online payment service login credentials were priced between $20 and $50 for account balances from $400 to $1000 and between $200 and $300 for balances from $5000 to $8000 respectively.

• Login credentials to hotel loyalty programs and online auction accounts are also offered for sale - a major hotel brand loyalty account with 100,000 points went for sale for $20, and an online auction community account with high reputation marks priced at $1400.

ARN Distributor Directory

ARN Vendor Directory

Slideshows

Selling the benefits of the software-defined data centre

In looking ahead to the future of the data centre, a software-defined reality is emerging. This exclusive ARN roundtable, in association with APC by Schneider Electric, Cisco, HPE, Lenovo and Veritas, assessed the benefits of selling a software-defined data centre strategy, uncovering the key market trends and ongoing partner opportunities.

The channel toasted the top performing players within the Australian market during 2017, as the 11th running of the ARN ICT Industry Awards kicked off with a Champagne Reception at the Hyatt Regency in Sydney - sponsored by Westcon-Comstor and Juniper Networks.

Copyright 2017 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.